The Energy Blog
How Siemens Is Fighting Back Against Cybercriminals
Ever since the first computer worm shut down most of the internet in 1989, ransomware, malware, and other malicious online attacks have become the common vernacular defining cyber security challenges in the 21st century. But in 2017 the scale and sophistication of these attacks have grown exponentially. In May, the WannaCry cryptoworm hit 230,000 computers in 150 countries in just one day, with an estimated cost of $4 billion.
A month later the Petya attack – which used NSA hacking tool EternalBlue to exploit Windows' Server Message Block protocols – compromised the networks of several prominent global companies, including Russian oil producer Rosneft, British advertising giant WPP and Danish shipping behemoth A.P. Moller-Maersk.
What this means for the energy sector
Few industries have been immune to the heightened risk of a cyberattack, and the energy sector has become a particular target. Ensuring security of this critical infrastructure has been rendered increasingly complex by the fact that information technology (IT) and operational technology (OT*) have converged, opening up an increasingly distributed and diverse array of potential attack vectors.
(*OT is technology that interfaces with the physical world and includes industrial control systems, supervisory control and data acquisition (SCADA), and distributed control systems.)
This convergence in the era of digitalization is inevitable. Businesses need data to be able to travel from the field to the control room through an enterprise network. This is the hybrid infrastructure that underpins operational efficiency, data-driven servicing, and improved responsiveness to market signals. This convergence also underscores the need for unique security solutions.
The challenges of IT/OT cyber security
The challenge of securing the energy sector’s critical infrastructure in this environment is significant. As Leo Simonovich, Vice President of Global Cyber Strategy at Siemens, puts it: “To detect an attack in the utility environment, you have to be able to perform security analytics at the asset level, the SCADA level and the network level; you can’t simply drop IT solutions into the OT environment.”
Advanced grid security, for example, requires complex measures defined in global standards such as IEC 62433, IEC 62351, and ISO 27k, and recommended by regulatory authorities like NERC CIP. These security measures must be enacted by a partner with a deep understanding of both the energy sector and how such security solutions integrate with the processes behind them.
Security and support for plants and grids
Siemens has long offered a comprehensive security service that includes industrial security monitoring; remote incident handling; perimeter firewall management, review and penetration testing; antivirus and whitelisting management; patch and vulnerability management and more, for plants both from Siemens and third-party providers.
The last point is crucial. As Ali Elnaamani, Siemens’ Global Head of Cyber Security, notes, it is important for clients to have access to a comprehensive solution that’s vendor-agnostic.
“Customers are increasingly asking for one integrator to provide security solutions for their entire fleet, and one contact in case of a cyber incident. We can provide this with the benefit of a holistic understanding that comes from building our OT portfolio from the ground up.”
Building security from the ground up
When building a cyber security program, the first step is often surprisingly straightforward: assessing where the utility or organization is on the maturity curve.
Simonovich explains: “The first thing we ask a customer is: Do you have a strategy? Have you dealt with the fundamentals? Have you transformed your security environment? We then look at how to begin monitoring and detection – smartly, aligned with the business objectives and priorities.”
Often clients have digitalized and connected legacy assets, which in itself presents challenges. According to Simonovich, “the industry is being connected at the edge, [for example] a platform or a substation, and at the core. A lot of that connectivity, as seen in distributed energy for instance, is not linear. This creates an increased attack surface that is spread out and harder to secure.”
Elnaamani adds that Siemens takes a holistic approach to designing the right kind of strategy that incorporates the right kind of technology. “Siemens has a vast amount of secure networking equipment. We are the leading provider of industrial firewalls in the world today, for example. But technology needs to be supported by an overall strategy in a risk and compliance-based approach.”
Staying ahead in a cyber arms race
Siemens has long been working to strengthen its capabilities in a rapidly evolving threat environment. The company built three advanced cyber defense centers in China, Portugal and the US to execute end-to-end advanced monitoring, with the teams steeped in OT-specific engineering able to deploy a wide range of tools including advanced penetration testing, network monitoring and anomaly detection.
Siemens has also engaged in partnerships with some of the most advanced actors in this space to further bolster its capabilities. Earlier this year, in one of the largest strategic relationships ever inked between a global engineering company and an IT provider, Siemens signed a Memorandum of Understanding (MOU) with premier digital services provider Atos. This partnership gives Siemens access to Atos’ 4,500 worldwide security specialists and eight 24x7 Security Operations Centers, creating a unique set of IT/OT capabilities.
This relationship was further enhanced by Siemens’ subsequent strategic partnership with Darktrace, a leading machine learning company for cyber security. Drawing on advances in machine learning and probabilistic mathematics, Darktrace’s Industrial Immune System platform works to detect and remediate cyber-threats at their nascent stages. By learning the ‘pattern of life’ for every network, device, and user across both OT and IT networks, the company uses AI to identify and automatically take action against emerging attacks. The Siemens-Darktrace partnership reinforces our work in security program design, security lifecycle management, plant security monitoring, and incident response.
Strategic thinking across the spectrum
Such tools are vital to building a powerful defensive armament against a growing ecosystem of malicious actors. They allow Siemens to scour networks for weak links, providing strategic as well as remedial technological guidance to strengthen or close them.
As Elnaamani puts it: “In a world in which you have a decentralized operating model, with asset owners relying on various service providers for their IT, the weakest link can be the cause of a major incident.”
Siemens, he says, can play a critical role in helping “lift the middle” and address some of the industry’s weak points. “We are providing remediation measures for our customers globally today,” says Elnaamani, “but we are also highlighting that it’s really important to take a step back and not just react but [ask the question]: What is my strategy?”